HA Mode Nebula (Workaround?)
Options
ItMerc
Posts: 8
in Nebula Ideas
As much as we want to have a cloud managed firewall, we also want to have an HA mode configured to improve redundancy.
Unfortunately this is currently not supported in Nebula, because a cloud managed firewall is essential I have thought about a "Workaround".
It works as follows:
In Nebula create an organization with 2 sites, 1 site called Office *address* Master
and 1 site called Office *address* Slave.
So:
Site 1: Office *address* Master
Site 2: Office *address* Slave
(Both sites are paired to the same organization).
Import the master firewall to site 1, in this case we will call it: FW-M (M=Master).
Import the slave firewall to site 2, in this case we will call it: FM-S (S=Slave).
Configure Site 1 (Master site) as you will.
In Nebula there is an option to synchronize the configuration between sites, this will be useful to minimize the changes in case of a failover scenario.
Okay, let's say there is an incident and the master firewall must be replaced with the slave. It would work as follows:
•In Nebula, remove the master firewall from site 1 (through the inventory)
•After deleting the master firewall, you can move the slave firewall from site 2 to site 1 (master site)
•When selecting the "move to another site" function, you will be prompted to select the mode which the firewall will be configured on the other site. Because the firewall is already managed through Nebula, you can select "Nebula Native Mode" and the slave firewall will automatically be active in site 1. (After physically replacing the master firewall).
The only downside to this "Workaround" is that the firewall needs to be physically replaced.
Unfortunately this is currently not supported in Nebula, because a cloud managed firewall is essential I have thought about a "Workaround".
It works as follows:
In Nebula create an organization with 2 sites, 1 site called Office *address* Master
and 1 site called Office *address* Slave.
So:
Site 1: Office *address* Master
Site 2: Office *address* Slave
(Both sites are paired to the same organization).
Import the master firewall to site 1, in this case we will call it: FW-M (M=Master).
Import the slave firewall to site 2, in this case we will call it: FM-S (S=Slave).
Configure Site 1 (Master site) as you will.
In Nebula there is an option to synchronize the configuration between sites, this will be useful to minimize the changes in case of a failover scenario.
Okay, let's say there is an incident and the master firewall must be replaced with the slave. It would work as follows:
•In Nebula, remove the master firewall from site 1 (through the inventory)
•After deleting the master firewall, you can move the slave firewall from site 2 to site 1 (master site)
•When selecting the "move to another site" function, you will be prompted to select the mode which the firewall will be configured on the other site. Because the firewall is already managed through Nebula, you can select "Nebula Native Mode" and the slave firewall will automatically be active in site 1. (After physically replacing the master firewall).
The only downside to this "Workaround" is that the firewall needs to be physically replaced.
I know this is not the most sophisticated approach or the most practical for an HA configuration, but I think for a workaround this enabled to still manage firewall through Nebula with the option to "Failover".
Let me know what you think and share your idea's.
1
Categories
- All Categories
- 383 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 75 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 890 Nebula FAQ
- 415 Security FAQ
- 233 Switch FAQ
- 203 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight
